Title

The system must prevent local applications from generating source-routed packets. (Cat II impact)

Discussion

Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.

Check Content

Open a terminal session and enter the following command to view the value of "net.inet.ip.sourceroute". sysctl -a | grep net.inet.ip.sourceroute If the value of "net.inet.ip.sourceroute" is not set to "0", this is a finding.

Fix Text

Open a terminal session and edit the /etc/sysctl.conf file and add the following line. net.inet.ip.sourceroute=0 NOTE: If the sysctl.conf file does not exist use the following command to create one. touch /etc/sysctl.conf

Additional Identifiers

Rule ID: SV-38202r1_rule

Vulnerability ID: V-22413

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.